I really don't think the code is vulnerable to anything... Maybe they made a typo... I don't really know, but I don't see any possible way that could be exploited. I would really like to know the answer to this one, as I have a few scripts that utilize eval() and I wouldn't want someone to be able to exploit them... I'd just like an explanation of how the eval(\$getit = \$y) is vulnerable to a code injection exploit (which I assume is what they are asking for).

but couldn't execute the command dir through the eval function... I don't know how to exploit the eval... Maybe the function is vulnerable only in some previous PHP versions... maybe... I tried exec, system and passthrough but nothing... hmmm...

Kind of hard to give a hint on... Wikipedia holds A LOT of answers... I'm not gonna post the exact article which helped me, because it tells you pretty much what to do... But look around - something in there might come in handy!

You guys playing around with functions such as passthru, etc. are pretty close... You might want to take a VERY close look at what's special about the functions - which function is the best match for this task? (Small differences are important!)

I'm really stumped on this one, mainly because I think there are so many options. According to the page, all I'm supposed to do is execute /etc/bin/moo. That is pretty easy to do; system() would do it. But system won't take. Also, how accurate does the formatting have to be? For example, I could type ?=10;system("/etc/bin/moo");

and that would execute moo, but it's not taking. I've tried b***t***s, exec, system_exec, passthru; still can't get it. Is it my formatting?

I don't really understand how you can do anything with an eval that contains a constant string. Is the '\' in "\$y" really intentional? And, if it is, can anyone explain to me (privately if you think it would be a spoiler) how one injects code into a constant eval?
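Added example, written for this page and not taken from any poster in the thread or from the challenge site itself: it contrasts the two ways a variable can reach eval() inside a double-quoted PHP string, which is exactly what the question about the backslash in "\$y" turns on. A benign marker assignment stands in for whatever a second statement might do, and the last function shows the no-eval alternative a defender would use instead. The function names, the $extra marker and the sample inputs are all constructed for the demonstration.

```php
<?php
// Added example (not code from the thread or the challenge). It shows when
// eval() on a double-quoted string is, and is not, shaped by user input.
// All inputs below are constructed for the demonstration.

// Escaped dollar signs: eval() receives the constant text '$getit = $y;'.
// $y is only copied as data, so whatever it contains is never parsed as PHP.
function assignLiteral(string $y): array
{
    $getit = null;
    eval("\$getit = \$y;");
    return ['value' => $getit, 'extra_statement_ran' => isset($extra)];
}

// Interpolated dollar sign: $y is pasted into the source text before eval()
// parses it, so an input carrying a second statement gets that statement
// executed in the caller's scope alongside the intended assignment.
function assignInterpolated(string $y): array
{
    $getit = null;
    eval("\$getit = $y;");
    return ['value' => $getit, 'extra_statement_ran' => isset($extra)];
}

// No eval at all: validate the input against the shape that is actually
// expected (here, an integer) and assign it directly. Nothing is parsed.
function assignValidated(string $y): int
{
    if (!preg_match('/^-?\d+$/', $y)) {
        throw new InvalidArgumentException('expected an integer');
    }
    return (int) $y;
}

$normal  = '10';
$marker  = '10; $extra = 1';   // constructed: a harmless marker statement, nothing more

print_r(assignLiteral($marker));        // the raw text is stored; no extra statement runs
print_r(assignInterpolated($normal));   // the intended assignment only
print_r(assignInterpolated($marker));   // the marker statement runs too
print_r(assignValidated($normal));      // the integer, with no code evaluation involved
```

The first call returns the whole marker text as a plain string with extra_statement_ran false, because the code eval() compiled was the fixed text $getit = $y; and the input was never part of it. The third call returns 10 with extra_statement_ran true, because the input became part of the source text. That is the only difference between the escaped and unescaped forms, and it is why the answer to "can a constant eval be injected" depends entirely on whether the string really is constant. When the value being assigned has a known shape, assignValidated() removes eval() from the picture altogether.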